nitrotpm

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 10, 2024 License: AGPL-3.0 Imports: 15 Imported by: 0

Documentation

Overview

NitroTPM Attestation.

Uses NitroTPM to enable a TPM based measured boot Constellation deployment. The origin of the attesation statement can not be verified.

Issuer

The TPM attestation is signed by the NitroTPM's RSA attestation key. Additionally to the TPM attestation, we attach a node's instance identity document to the attestation document.

Validator

Currently, the NitroTPM provides no endorsement certificate for its attestation key, nor does AWS offer an alternative way of verifying it. For now we have to blindly trust the key.

Additionally to verifying the TPM attestation, we also check the instance identity document for consistency.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Issuer

type Issuer struct {
	variant.AWSNitroTPM
	*vtpm.Issuer
}

Issuer for AWS TPM attestation.

func NewIssuer

func NewIssuer(log attestation.Logger) *Issuer

NewIssuer creates a TPM based issuer for AWS.

type Validator

type Validator struct {
	variant.AWSNitroTPM
	*vtpm.Validator
	// contains filtered or unexported fields
}

Validator for AWS TPM attestation.

func NewValidator

func NewValidator(cfg *config.AWSNitroTPM, log attestation.Logger) *Validator

NewValidator create a new Validator structure and returns it.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL